diff options
author | Luke Bennett <lbennett@gitlab.com> | 2018-12-19 12:04:24 +0000 |
---|---|---|
committer | Luke Bennett <lbennett@gitlab.com> | 2018-12-22 02:24:06 +0000 |
commit | a75eeffdeed226b7b5152618c29409d57ad3aa17 (patch) | |
tree | b83ef47bdf2a210bee6867d51ddac2466c6fc732 | |
parent | a26e37deb3aa4728523282435ed991d373db3753 (diff) | |
download | gitlab-ce-fix-403-page-is-rendered-but-404-is-the-response.tar.gz |
Show the correct error page when access is deniedfix-403-page-is-rendered-but-404-is-the-response
4 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 140a625d333..a447879421a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -177,11 +177,12 @@ class ApplicationController < ActionController::Base # hide existence of the resource, rather tell them they cannot access it using # the provided message status ||= message.present? ? :forbidden : :not_found + template = status == :not_found ? "errors/not_found" : "errors/access_denied" respond_to do |format| format.any { head status } format.html do - render "errors/access_denied", + render template, layout: "errors", status: status, locals: { message: message } diff --git a/changelogs/unreleased/fix-403-page-is-rendered-but-404-is-the-response.yml b/changelogs/unreleased/fix-403-page-is-rendered-but-404-is-the-response.yml new file mode 100644 index 00000000000..eda69b32094 --- /dev/null +++ b/changelogs/unreleased/fix-403-page-is-rendered-but-404-is-the-response.yml @@ -0,0 +1,5 @@ +--- +title: Show the correct error page when access is denied +merge_request: 23932 +author: +type: fixed diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 43f561f7a25..c290acb72aa 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -519,12 +519,14 @@ describe ApplicationController do get :index expect(response).to have_gitlab_http_status(404) + expect(response).to render_template('errors/not_found') end it 'renders a 403 when a message is passed to access denied' do get :index, params: { message: 'None shall pass' } expect(response).to have_gitlab_http_status(403) + expect(response).to render_template('errors/access_denied') end it 'renders a status passed to access denied' do diff --git a/spec/features/projects/pipelines/pipeline_spec.rb b/spec/features/projects/pipelines/pipeline_spec.rb index a37ad9c3f43..8fb0c141a47 100644 --- a/spec/features/projects/pipelines/pipeline_spec.rb +++ b/spec/features/projects/pipelines/pipeline_spec.rb @@ -477,10 +477,10 @@ describe 'Pipeline', :js do end context 'when accessing failed jobs page' do - it 'fails to access the page' do + it 'renders a 404 page' do subject - expect(page).to have_title('Access Denied') + expect(page).to have_title('Not Found') end end end |